Tag: phishing

Do you have a cell phone?
Would you mind terribly if a stranger listens to your voicemail?
So why haven’t you changed the default ‘1234’ password?

Do you have a wireless router?
Would you care if a stranger connects to your home network?
So why haven’t you changed the default ‘admin/admin’ username/password combination?

Do you have a webcam system?
Would you mind terribly if a stranger watches your video feed?
So why haven’t you changed the default anonymous login?

People think of hacking as something done by Russian spies or by genius kids. No one thinks that most of the time the only thing you need is the default password. I honestly don’t get it – how difficult is it to change the initial password out of the box? Why live in the realm of uncertainty when peace of mind is just around the corner?
Here are a few examples to push you in the right direction:

Voicemail:
You would think that a 4-digit password combination allows for 10,000 possibilities, and since the phone call is disconnected after 3 wrong tries, it would take too much time and too much money to crack the voicemail vault. That is only true in theory: since most people do not change the default 1234 or 1111, it would take exactly one phone call to get in.
Wanna bet? Can you wholeheartedly click this play button knowing there is zero chance of you hearing your own voicemail?
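
As an added illustration (not part of the original post), here is a Python sketch of the check a voicemail system could run when a PIN is set, together with the arithmetic behind the "one phone call" claim. The function names, the weak-PIN patterns beyond 1234 and 1111, and the sample numbers are assumptions made for this example.

```python
import math

# Defaults named in the post; a real system would load its vendor's own list.
DEFAULT_PINS = {"1234", "1111"}
TRIES_PER_CALL = 3  # the post: the call is disconnected after 3 wrong tries


def pin_problems(pin, subscriber_number=""):
    """Return the reasons to reject a new voicemail PIN (empty list = accept)."""
    if not (len(pin) == 4 and pin.isdigit()):
        return ["not a 4-digit PIN"]
    problems = []
    if pin in DEFAULT_PINS:
        problems.append("factory default")
    if len(set(pin)) == 1:
        problems.append("single repeated digit")
    # Digit-to-digit steps modulo 10: all +1 (1234, 8901) or all -1 (4321).
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        problems.append("straight sequence")
    if pin[:2] == pin[2:] and len(set(pin)) > 1:
        problems.append("repeated pair")
    if pin in subscriber_number:
        problems.append("part of the subscriber's own number")
    return problems


def defaults_first_order():
    """Every 4-digit PIN, with the factory defaults tried before the rest."""
    rest = [f"{n:04d}" for n in range(10_000) if f"{n:04d}" not in DEFAULT_PINS]
    return sorted(DEFAULT_PINS) + rest


def calls_to_reach(pin, order):
    """Phone calls needed before `pin` comes up, at TRIES_PER_CALL guesses each."""
    return math.ceil((order.index(pin) + 1) / TRIES_PER_CALL)


if __name__ == "__main__":
    order = defaults_first_order()
    # Constructed sample PINs and a made-up subscriber number.
    for pin in ("1234", "1111", "1212", "4567", "7302"):
        print(pin, pin_problems(pin, "0545554567") or "ok",
              calls_to_reach(pin, order), "call(s)")
```

The 3-tries-per-call limit only protects a PIN that passes the first function: a default falls on the first call, while the last PIN in the list takes 3,334 calls.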


Wireless router:
Paying for your Internet service? Your neighbor used to do that but decided it would be wiser to use yours instead. Now, there might be legitimate reasons why you would not want your home network to use encryption, but can we agree on MAC address filtering as the bare minimum so that only the computers you know can use it? Even if you have a Jewish attitude of ‘All who are thirsty for bandwidth, let them come and drink my connection’ (a.k.a. ‘Kol dichfin’) – is it too much effort to change the default router password, so that no one will be able to configure it?
And don’t get me started on the legal ramifications of someone downloading copyrighted or illegal material using your bandwidth. Yes, I am sure after three years of trial you would probably be exonerated from any wrongdoing, but it sure would be a fun period until then. To quote Mister Rogers: ‘It’s a beautiful day in this neighborhood’.

Webcams:
You have a small business and you want to keep an eye on it from home, so you hooked up a video surveillance system. You have an aging mother and you want to keep an eye on her caretaker. That is all fine, but why risk someone looking in through the Internet peephole? Let your imagination run wild with the kind of people that might want to watch these video feeds. No imagination? Here are some visual aids captured today:

[Two images of captured webcam feeds]

P.S.
Since my aim is to educate people about privacy and not to teach them how to hack, I did not go into further details. Suffice it to say that any one of you can easily enter these systems using your banged-up computer and without buying any hardware or software.

When it comes to the right to privacy, most people I talk to just don’t get it. They do not understand it, do not know why it is needed, and do not seem to care much about it. I am not sure whether it is because they are ill-informed, or whether they genuinely do not care what information is known about them. As governments get more tracking tools, cell phone records, biometric data et cetera, it seems that the only people who care about this issue are either clinically paranoid – or accused of being paranoid. Most people just assume their information is safely secured and since they are not ‘bad people’ they have nothing to worry about.

I contend that it is not just ‘Big Brother’ we need to worry about – it’s the sheer unadulterated incompetence of people trusted with our information that really worries me. I have previously written about the Israeli Screen Actors Guild revealing private information about its members, like phone numbers, home addresses and social security numbers. A year has passed and nothing was done to rectify the situation.

At the risk of coming off as a stalker, I thought I might be able to promote the subject by publishing, from time to time, a case study of sorts. Although I will redact any information that can uniquely identify the test subject, I hope that by just seeing what kind of information is out there, I would be able to knock some sense into people with regard to their own privacy and digital footprints.

Case Study #1: Ruediger K.

A tourist from Germany felt remorseful about taking a stone from a holy site in Israel, and sent it back in a parcel addressed to Israel’s Nature and National Parks Protection Authority, along with a letter explaining the situation and $200 for the trouble. The Parks Authority, for reasons beyond my understanding, contacted Maariv, Israel’s 2nd largest newspaper, who printed this story today, accompanied by a scanned image of the original letter. The image, albeit small, is clear enough to be read by anyone who cares to do so – turning this person’s private confession about stealing to public knowledge.

I have already posted an elaborate list of the top annoyances plaguing the Israeli Internet, but wherever my mouse takes me I encounter more and more prototypical examples:
Today, while preparing to reply to a recent reader’s comment in a post I wrote about Israeli actress Hadar Ratzon, I stumbled upon her private cell phone number, her home number, home address, and email. Yes, believe it or not – all it took was a simple Google search, as apparently Shaham, the Israeli Screen Actors Guild, thought it wise to upload her résumé to their website, including the mentioned contact details. Upon expanding my search I found around 150 members’ résumés, many of which included contact details and even the coveted national ID number (an SSN equivalent).

Forget about sex tapes leaked to the internet – that is just entertainment compared to the tidal wave of bank frauds, phishing scams and identity thefts headed our way. You thought The Net was a silly 1995 film with Sandra Bullock? Better think again. Lucky for Bullock she is not a member of the Israeli SAG, so I cannot use her cell phone number as a gimmick to end this post – but if you liked the 2007 film Rendition, just pick up the phone and convey that to cast member Hadar Ratzon – you already know how to find her phone number.

It’s not about abortion. It’s about the next 20 years. Twenties and thirties, it was the role of government. Fifties and sixties, it was civil rights. The next two decades, it’s gonna be privacy. I’m talking about the Internet. I’m talking about cell phones. I’m talking about health records, and who’s gay and who’s not. And moreover, in a country born on a will to be free, what could be more fundamental than this?

– Sam Seaborn (Rob Lowe) – The West Wing TV Series

* As with my previous ‘What’s Wrong With the Israeli Internet Today?’ posts, all the information was checked, double checked, and was correct at the time of its publishing. On average, things I complain about tend to get fixed, usually within a few weeks, so if you stumbled upon this page and got different Google results, it probably means that the relevant people read my post. No worries, in the age of Internet Archive, nothing posted on the internet can ever be removed.

** Hadar Ratzon was somewhat surprised an hour ago when I rang her up. Although she knew Shaham had her résumé, she was not aware that any Tom, Dick or Harry can just run her digits and get her on the phone (or show up at her doorstep, for that matter). She did not sound too happy about that.
On a related side note, she acknowledged visiting the mentioned previous post about her on my blog, and insinuated it was the trigger for improving her official Agency page.